Replies

Assuming that you want to encrypt the LAN behind the Pixes, this should work as long as the IPSEC peers are 88.10.1.1 and 89.20.1.1 and you are not blocking UDP port 500 and protocol 50 on the router and Pix.

In the above scenario, let's say LAN 1 behind Pix 1 is 192.168.1.0/24 and LAN 2 behind Pix 2 is 192.168.2.0/24, and you want to encrypt the traffic between LAN 1 and LAN 2 using Pix 1 and Pix 2.

Traffic Flow from Pix 1 to Pix 2

Now, the source and destination IP addresses will be encrypted, that is 192.168.1.0/24 and 192.168.2.0/24, but the encrypted packet's source IP will be 10.1.1.1 and destination IP will be 89.20.1.1. When this packet hits R1, the router will translate the source IP of the packet to 88.10.1.1.

Traffic Flow from Pix 2 to Pix 1

Now, the source and destination IP addresses will be encrypted, that is 192.168.2.0/24 and 192.168.1.0/24, but the encrypted packet's source IP will be 10.2.2.1 and destination IP will be 88.10.1.1. When this packet hits R2, the router will translate the source IP of the packet to 89.20.1.1.
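
The two traffic flows described in the reply above, modelled hop by hop. This is an added example, not part of the original reply; the host addresses, the function names and the one-to-one NAT mapping on each router (including the reverse translation on the receiving side) are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

ESP, UDP = 50, 17  # IP protocol numbers

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    dport: int = 0
    inner: "Packet | None" = None  # encrypted LAN packet carried in ESP tunnel mode

SITES = {  # addresses from the thread; one-to-one NAT per router is an assumption
    "pix1": {"outside": "10.1.1.1", "public": "88.10.1.1", "lan": "192.168.1.0/24"},
    "pix2": {"outside": "10.2.2.1", "public": "89.20.1.1", "lan": "192.168.2.0/24"},
}

def permitted(pkt):
    """Filter on routers and Pix: ESP (protocol 50) and IKE (UDP/500) must pass."""
    return pkt.proto == ESP or (pkt.proto == UDP and pkt.dport == 500)

def encapsulate(site, peer, inner):
    """Pix wraps the LAN packet; outer source is its own private outside IP."""
    return Packet(SITES[site]["outside"], SITES[peer]["public"], ESP, inner=inner)

def nat_outbound(site, pkt):
    """Local router rewrites only the outer source; the inner packet is untouched."""
    return replace(pkt, src=SITES[site]["public"])

def nat_inbound(site, pkt):
    """Remote router maps its public address back to the Pix outside IP."""
    return replace(pkt, dst=SITES[site]["outside"])

def decapsulate(site, peer, pkt):
    """Receiving Pix accepts ESP only from the peer's public (translated) IP."""
    if pkt.proto != ESP or pkt.src != SITES[peer]["public"]:
        raise ValueError("not from configured IPsec peer")
    if ip_address(pkt.inner.dst) not in ip_network(SITES[site]["lan"]):
        raise ValueError("inner destination outside protected LAN")
    return pkt.inner

def send(src_site, dst_site, inner):
    """Return outer (src, dst) at each hop and the inner packet delivered."""
    hops = [encapsulate(src_site, dst_site, inner)]
    hops.append(nat_outbound(src_site, hops[0]))
    hops.append(nat_inbound(dst_site, hops[1]))
    if not all(map(permitted, hops)): raise ValueError("filtered")
    return [(h.src, h.dst) for h in hops], decapsulate(dst_site, src_site, hops[2])
```

The peer check in `decapsulate` is why each Pix must be configured with the other side's public address (88.10.1.1 or 89.20.1.1) rather than its private outside address.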